On 9/23/12 9:18 AM, Fredrich Maney wrote:
> I'm a little reluctant to fire up a daemon process just to scan a
> system once a month or once a quarter. As I said, we aren't looking
> for malware, so I don't really care if the database is somewhat out of
> date and we aren't scanning email, so I don't think the performance
> hit from multiple threads is really going to come into play.
>
> I'm just looking for an easier way to manage the configuration fed to
> the on-demand scan (exclusion list and logging options primarily). Do
> I really need to stand up and maintain a daemon for that?

That is exactly the way I did it as well, except I had the additional burden of
trying to isolate HIPAA data as well. ClamAV didn't work well with HIPAA as it
isn't structured. I never found a better way no matter what product I tested. A
similar problem exists when doing system and data backups. I've not found a
better way than case by case. In some DCs it is often possible to classify
systems that are reasonably similar and to use a common configuration (at least
that is true when I build them :) ). That reduces the effort to fewer configs
and intelligent distribution and configuration management practices.

BTW, it took nearly 6 months of scanning these systems before the NOC learned
not to call me out for 100% CPU usage when the scans would run :)

dp
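
One way to keep the exclusion list and logging options for on-demand scans in a per-class file, with no clamd involved, as an added example that is not part of the original message. The `key=value` profile format, the function names and the sample paths are assumptions made for illustration; `--recursive`, `--infected`, `--exclude-dir`, `--exclude` and `--log` are existing clamscan options.

```shell
#!/bin/sh
# Added example. Profile format is hypothetical (not a ClamAV file format):
#   target=/abs/path   exclude_dir=REGEX   exclude=REGEX   log=/path/to/file
# One key=value per line; '#' starts a comment line.

build_clamscan_args() {
    profile=$1
    [ -r "$profile" ] || { echo "cannot read profile: $profile" >&2; return 1; }
    # Reject anything unrecognised, so a typo cannot silently change scan scope.
    # Targets must be absolute paths: a value starting with '-' would otherwise
    # be parsed by clamscan as an option.
    bad=$(grep -Ev '^(#.*|[[:space:]]*|target=/.*|(exclude_dir|exclude|log)=.+)$' \
          "$profile" || true)
    [ -z "$bad" ] || { echo "bad profile line: $bad" >&2; return 1; }
    grep -q '^target=/' "$profile" || { echo "no target in $profile" >&2; return 1; }
    # One argument per line: fixed options, then profile options, then targets.
    printf '%s\n' --recursive --infected
    sed -n -e 's/^exclude_dir=/--exclude-dir=/p' \
           -e 's/^exclude=/--exclude=/p' \
           -e 's/^log=/--log=/p' "$profile"
    sed -n 's/^target=//p' "$profile"
}

run_scan() {
    args=$(build_clamscan_args "$1") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f            # no globbing: exclusion regexes contain * and ?
    set -- $args      # split on newlines only, so paths may contain spaces
    set +f
    IFS=$old_ifs
    clamscan "$@"
}

# Constructed sample profile for one class of similar hosts (paths illustrative).
sample_profile() {
    cat <<'EOF'
# class: web servers
target=/var/www
target=/home
exclude_dir=^/var/www/cache
exclude=\.iso$
log=/var/log/clamav/ondemand-web.log
EOF
}
```

A monthly or quarterly cron entry then calls `run_scan` with the profile distributed to that class of hosts, so changing an exclusion means editing one file rather than each crontab.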